Apple: Update iOS And Mac OS X Immediately To Avoid SIP Security Risk

Apple device users are being urged to update to the latest versions of iOS and OS X to stay protected from a new zero-day vulnerability that is affecting all previous versions of the software.

The flaw affects Apple’s latest protection feature, the System Integrity Protection (SIP), allowing hackers to bypass it and leave devices at risk of cyber-attacks that could steal their data, according to researcher Pedro Vilaça from security firm SentinelOne.

Only the OS X version 10.11.4 and iOS 9.3, both of which were released on earlier this week at Apple’s launch event are not vulnerable, meaning that the vast majority of Apple devices are currently at risk.

At risk

SentinelOne says it reported the vulnerability in January 2016 to Apple, which is why the flaw has been removed from the latest versions of its operating systems.

“This kind of exploit could typically be used in highly targeted or state sponsored attacks,” the company said.

However it’s not yet known if patches for any earlier iOS or OS X versions are planned, with Apple yet to comment officially on the news.

The vulnerability, which is commonly enabled via a phishing attack or browser exploit, allows attackers to escalate their privileges to bypass System Integrity Protection on mobile and laptop devices.

It is able to evade previous software defences thanks to its use of very reliable and stable techniques that traditional detection mechanisms, looking for more obvious warning signs, would miss.

SIP, which Apple says goes further than any of its previous security protection services, is also designed to prevent potentially malicious software from modifying protected files and folders, thus protecting the system from anyone who has root access, authorised or not.

Alongside SIP, Apple also announced a number of other security upgrades for its software this week, including a fix for a high-impact vulnerability in Apple’s Messages app which could have allowed an attacker to read protected messages.

Are you a security pro? Try our quiz!

Mike Moore

Michael Moore joined TechWeek Europe in January 2014 as a trainee before graduating to Reporter later that year. He covers a wide range of topics, including but not limited to mobile devices, wearable tech, the Internet of Things, and financial technology.

Recent Posts

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

9 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

11 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

13 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

13 hours ago